Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

81 matches found

Veracode
Veracodeadded 2024/01/29 5:38 a.m.14 views

Arbitrary Code Execution

Processwire is vulnerable to Arbitrary Code Execution. The vulnerability is due to the downloadzipurl parameter when installing new modules. which allows an attacker to execute arbitrary code and install a reverse shell...

7.2CVSS7.8AI score0.00088EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blogadded 2024/01/24 9:30 p.m.29 views

Arbitrary Code Execution in Processwire

An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module...

7.2CVSS7.9AI score0.00088EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2024/01/24 9:30 p.m.16 views

GHSA-2CVG-W29M-J8XC Arbitrary Code Execution in Processwire

An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module...

7.2CVSS7.2AI score0.00088EPSS
Exploits1References3
OSV
OSVadded 2024/01/24 9:15 p.m.11 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

7.2CVSS7.2AI score
Exploits0References1
NVD
NVDadded 2024/01/24 9:15 p.m.7 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

7.2CVSS7.3AI score0.00088EPSS
Exploits1References1
Prion
Prionadded 2024/01/24 9:15 p.m.12 views

Code injection

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

5.8CVSS8AI score0.00088EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/01/24 12:0 a.m.1 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

7.5AI score0.00088EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/01/24 12:0 a.m.12 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

7.5AI score0.00088EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2024/01/24 12:0 a.m.1 views

PT-2024-12039 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.210 Description: An issue in ProcessWire allows attackers to execute arbitrary code and install a reverse shell via the download zip url parameter when installing a new module. This issue is disputed as it requires the...

7.2CVSS7.8AI score0.00088EPSS
Exploits1References9
CNNVD
CNNVDadded 2024/01/24 12:0 a.m.1 views

ProcessWire security vulnerability

ProcessWire is a friendly and powerful open source CMS with a robust API. A security vulnerability exists in ProcessWire version 3.0.210, which originates from a vulnerability that allows an attacker to install a reverse shell via the downloadzipurl parameter when installing a new module and...

7.2CVSS7.3AI score0.00088EPSS
Exploits1References2
CVE
CVEadded 2024/01/24 12:0 a.m.44 views

CVE-2023-24676

ProcessWire 3.0.210 is affected by a vulnerable download_zip_url parameter used when installing a new module, which can allow arbitrary code execution and a reverse shell. The Red Hat, Veracode, OSV, and related entries concur with the core issue; exploitation is described as requiring admin priv...

7.2CVSS7.2AI score0.00088EPSS
Exploits1References1Affected Software1
Veracode
Veracodeadded 2022/11/01 7:32 a.m.13 views

Cross-Site Scripting (XSS)

processwire is vulnerable to cross-site scripting. The vulnerability exists due to lack of CSRF session validations in the executeEditBookmark function in rocessPageListerBookmarks.php which allows a remote attacker to inject and execute malicious JavaScript into the system...

6.5CVSS6.1AI score0.0033EPSS
Exploits0References4Affected Software1
Veracode
Veracodeadded 2022/11/01 5:57 a.m.57 views

Cross-Site Scripting (XSS)

processwire is vulnerable to cross-site scripting. The vulnerability is due to lack of sanitization in the search users and search pages functions which allows an attacker to inject and execute arbitrary JavaScript...

6.1CVSS6.2AI score0.00496EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blogadded 2022/10/31 7:0 p.m.19 views

ProcessWire vulnerable to Cross-site Scripting

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

6.1CVSS6.4AI score0.00496EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2022/10/31 7:0 p.m.21 views

GHSA-8G35-PRRR-GXXF ProcessWire vulnerable to Cross-site Scripting

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

6.1CVSS6.3AI score0.00496EPSS
Exploits0References4
OSV
OSVadded 2022/10/31 7:0 p.m.26 views

GHSA-VPWH-QMWC-2PHG ProcessWire vulnerable to Cross-Site Request Forgery

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

6.5CVSS6.4AI score0.0033EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2022/10/31 7:0 p.m.22 views

ProcessWire vulnerable to Cross-Site Request Forgery

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

6.5CVSS6.4AI score0.0033EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2022/10/31 12:15 p.m.9 views

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

6.5CVSS0.0033EPSS
Exploits0References2
OSV
OSVadded 2022/10/31 12:15 p.m.11 views

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

6.5CVSS6.5AI score
Exploits0References2
OSV
OSVadded 2022/10/31 12:15 p.m.9 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

6.1CVSS6.3AI score
Exploits0References2
Rows per page
Query Builder